Sure! Regards, Sunny Wang
-----Original Message----- From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Ni, Ray Sent: Wednesday, March 4, 2020 3:26 PM To: devel@edk2.groups.io; Wang, Sunny (HPS SW) <sunnyw...@hpe.com>; Sean Brogan <sean.bro...@microsoft.com>; Kinney, Michael D <michael.d.kin...@intel.com> Cc: Wei, Kent (HPS SW) <kent....@hpe.com>; Spottswood, Jason <jason.spottsw...@hpe.com> Subject: Re: [edk2-devel] TianoCore Community Design Meeting Minutes - Feb 21, 2020 Sunny, Let's discuss in this week's meeting to see whether the below enhancement proposal can be aligned first. Thanks, Ray > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wang, > Sunny (HPS SW) > Sent: Wednesday, March 4, 2020 12:12 PM > To: devel@edk2.groups.io; Ni, Ray <ray...@intel.com>; Sean Brogan > <sean.bro...@microsoft.com>; Kinney, Michael D > <michael.d.kin...@intel.com> > Cc: Wang, Sunny (HPS SW) <sunnyw...@hpe.com>; Wei, Kent (HPS SW) > <kent....@hpe.com>; Spottswood, Jason <jason.spottsw...@hpe.com> > Subject: Re: [edk2-devel] TianoCore Community Design Meeting Minutes - > Feb 21, 2020 > > Sorry for not making any progress since last meeting. > Sure! I will work on enhancing the variable policy to support partial > protection and recovery. However, the update will be late because I need to > first deal with other urgent stuff. > By the way, thanks for giving a lot of valuable comments at our > offline discussion, Ray. :) > > Regards, > Sunny Wang > > -----Original Message----- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Ni, Ray > Sent: Wednesday, March 4, 2020 11:46 AM > To: Sean Brogan <sean.bro...@microsoft.com>; Kinney, Michael D > <michael.d.kin...@intel.com>; Wang, Sunny (HPS SW) <sunnyw...@hpe.com> > Cc: Ni, Ray <ray...@intel.com>; devel@edk2.groups.io > Subject: Re: [edk2-devel] TianoCore Community Design Meeting Minutes - > Feb 21, 2020 > > Variable policy works well on protecting a whole variable. > But the BootOrder in Sunny's case may require a partial protection, > which means portion of the variable buffer needs to be read-only. > Today's variable policy proposal doesn't take this into consideration. > If we could enhance variable policy to support partial protection, > @Sunny can you please check whether it can meet your requirement? > > The enhancement I think of is: Introduce two fields to the policy structure > Offset and Length. > Offset (-1) indicates a whole variable protection. > Offset (>= 0) indicates a partial variable protection and the protection > range starts from Offset with Length bytes. > > This enhancement is also useful when some policy fields inside a big policy > structure needs to be read-only. > Protecting multiple discontinuous ranges of a variable can be > achieved by adding multiple policy entries with different Offset/Length. > > > Thanks, > Ray > > > -----Original Message----- > > From: annou...@edk2.groups.io <annou...@edk2.groups.io> On Behalf Of > > Ni, Ray > > Sent: Friday, February 21, 2020 5:17 PM > > To: annou...@edk2.groups.io > > Subject: [edk2-announce] TianoCore Community Design Meeting Minutes > > - Feb 21, 2020 > > > > OPEN: > > Today's meeting is using Zoom because of the long latency using BlueJeans. > > The URL to join meeting is changed. Make sure to check > > https://edk2.groups.io/g/devel/calendar for details. > > We will try Zoom for next meeting as well. If everything is good, we will > > continue to use Zoom. > > > > 1. Platform Libraries for Supporting UEFI Variable Resiliency (HPE) > > Presenter: Sunny Wang > > Slides: > > INVALID URI REMOVED > > devel_files_Designs_2020_0221_Platform-2520Libraries-2520for-2520Sup > > po > > rting-2520UEFI-2520Variable-25&d=DwIFAg&c=C5b8zRQO1miGmBeVZ2LFWg&r=Z > > 9c > > LgEMdGZCI1_R0bW6KqOAGzCXLJUR24f8N3205AYw&m=U5okqrn3H585vxU4GwALnIBwi > > 0s 0dQ0hYIDuFj2z-4Y&s=oG0quXKBZu3XD7Drm04CsF445C8kfOGOJGzeqACJxAA&e= > > 20Resiliency.pdf > > > > Problem: Support UEFI variable resiliency to compliant to security > > related guidelines and requirements. #page 2 > > > > Locking BootOrder causes issues in OSes which is not acceptable. > > EDKII is lack of interfaces for adding platform variable protection. > > Today's presentation is to propose a solution. > > Basic rule of how variable resiliency manages BootOrder changes: > > #5-#6 > > - Put down untrusted changes > > - Keep trusted changes > > > > @Mike: Where is the reference data stored? > > @Sunny: In BMC. > > > > <Can variable policy protocol help?> > > @Mike: Would like to see a small enhancement in variable policy protocol > > proposed by Microsoft to meet your case. > > @Sunny: I checked the variable policy proposal by Microsoft. Using that > > might be complicated. > > @Sean: We (Microsoft) have looked this. Variable hook in DXE phase > > not in SMM is a security hole. Don't like the way of managing > > BootOrder by allowing OS to change BootOrder and reverting. Boot#### > > may contain critical data for OS and reverting that may cause > troubles. > > @Sunny: I cannot think of solutions for OS runtime change. > > > > <Problem discussion> > > @Mike: I would break the big problem to 3 smaller ones: > > 1. variable data corruption > > It requires a way to detect corruption and recovery. > > 2. critical platform variables > > It usually requires a lock mechanism and variable policy proposal > > is more general for this protection. > > 3. UEFI variables with multiple producers > > How to protect them could be a topic for USWG. > > @Sean: The scope of the problem discussed in this presentation is > > huge. Can a platform module run at a different point of time to manage the > > variable storage instead of using hook way? > > @Sunny: BootOrder is just one of the variables that need protection. > > > > <Can using a separate platform module instead of hooking help?> > > @Mike: Using a separate platform module might be better because it > > will also check the variables not changed by firmware. > > @Sean: PEI modules may access the wrong data modified by untrusted entity. > > @Ray: Is the protection based on not just the variable GUID/name, but also > > who requests the change? > > @Sunny: Yes. Following sides (#page 10+) will talk about protection from > > non-trusted entity. > > @Ray: Let's move to email discussion first. Identify the scope of the > > problem first. > > > > Thanks, > > Ray > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#55367): https://edk2.groups.io/g/devel/message/55367 Mute This Topic: https://groups.io/mt/71718822/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-